5 Mobile Security Tips App Developers Need to Remember
When you develop a mobile app, you are creating an unspoken agreement between you and the users that their data will be secure. App development is often fast-paced, especially if the client is trying to get something new on the market before a competitor. However, no matter how strict your deadlines are, you cannot ignore security.
Many people have a bad habit of leaving their phone unattended. They may just leave it on the table at Starbucks for a few seconds while they go up to the counter, but that is all the time a thief needs to snag their phone and the stored information along with it. Whenever possible, it is a good idea to store the user’s sensitive personal information on a secure server-side system instead of on the phone itself. It is also important to encrypt all data transmitted between the device and the server, in both directions.
Know Your OS
Even different versions of the same operating system can have different security flaws. For example, Android 2.1 is not the same as version 3 or 4. Keep in mind that as users upgrade their operating systems, you will likely have to release patches or updates to address new security threats. Since different users may be running different versions of the same platform, design your app to be secure on every version of the operating system it supports.
Get Specialized Help
It is always a good idea to bring in a mobile security expert to help test your app and look for potential flaws. An outsider is more likely to approach the search for security flaws the way a true hacker would. Even if you know a good deal about mobile security, someone else may pick up something you missed or approach a problem from a different angle. A “second set of eyes” will save you grief in the long run.
Don’t Skip Steps
Secure architecture, code review, threat modeling and penetration testing are all critical parts of secure mobile development. Even if your client is hounding you to rush the development of the app, do not skip any of these important steps. In the end, your client will be far more displeased if the app is released with a ton of security vulnerabilities than if you take the time to do your job properly.
Watch What You Store
If it is not strictly necessary for the app to store a user’s sensitive information, then do not store it on the phone. If you do have to store certain information, then use standard security measures like password protection, data encryption and remote administrative controls to protect that information. A good rule of thumb is to store only the minimum information about the user that the app requires, and even then, to protect it securely.
Some mobile phone users are more security conscious than others, but you cannot leave security strictly in the hands of the app’s users. Implement as many security measures as you can so that your app’s users will have a good experience.